Analysis Overview
SHA256
395f67fccccbea1c99cb243f2ff7994bfc211a19b3e3b583be219265b060d828
Threat Level: Known bad
The file JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6 was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Pykspa
Pykspa family
UAC bypass
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Checks computer location settings
Hijack Execution Flow: Executable Installer File Permissions Weakness
Adds Run key to start application
Looks up external IP address via web service
Checks whether UAC is enabled
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-17 19:26
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-17 19:26
Reported
2025-04-17 19:29
Platform
win10v2004-20250410-en
Max time kernel
43s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "wtfdsnifyjhvniqhila.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "vpytfxpjzhcncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "vpytfxpjzhcncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "cxhdqjcxoxtfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "cxhdqjcxoxtfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "vpytfxpjzhcncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "vpytfxpjzhcncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "vpytfxpjzhcncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "vpytfxpjzhcncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "cxhdqjcxoxtfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "wtfdsnifyjhvniqhila.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "cxhdqjcxoxtfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\wtfdsnifyjhvniqhila.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\cxhdqjcxoxtfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\wtfdsnifyjhvniqhila.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\cxhdqjcxoxtfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\cxhdqjcxoxtfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\cxhdqjcxoxtfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\wtfdsnifyjhvniqhila.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\jhutjfbztfetmirjlpfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\cxhdqjcxoxtfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\jhutjfbztfetmirjlpfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\jhutjfbztfetmirjlpfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\wtfdsnifyjhvniqhila.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\wtfdsnifyjhvniqhila.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\wtfdsnifyjhvniqhila.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\jhutjfbztfetmirjlpfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\vpytfxpjzhcncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\cxhdqjcxoxtfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\yxllczwvqddtnkunqvmlz.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmbhtftdf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmbhtftdf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "cxhdqjcxoxtfvouji.exe ." | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "vpytfxpjzhcncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe ." | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "wtfdsnifyjhvniqhila.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxylpzjv = "lhspdxrnfpmzqkrhhj.exe ." | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "cxhdqjcxoxtfvouji.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxylpzjv = "yxllczwvqddtnkunqvmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "wtfdsnifyjhvniqhila.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxylpzjv = "jhutjfbztfetmirjlpfd.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmbhtftdf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "jhutjfbztfetmirjlpfd.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "cxhdqjcxoxtfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "wtfdsnifyjhvniqhila.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "vpytfxpjzhcncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "wtfdsnifyjhvniqhila.exe ." | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmbhtftdf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "jhutjfbztfetmirjlpfd.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmbhtftdf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "yxllczwvqddtnkunqvmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "cxhdqjcxoxtfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmbhtftdf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "cxhdqjcxoxtfvouji.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe ." | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "vpytfxpjzhcncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "yxllczwvqddtnkunqvmlz.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yhfpqxenspzzdkehujktrbcjqze.llp | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File created | C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\vpytfxpjzhcncuznllxravhzrlbjepewbpnnzt.xjb | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File created | C:\Program Files (x86)\vpytfxpjzhcncuznllxravhzrlbjepewbpnnzt.xjb | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\vpytfxpjzhcncuznllxravhzrlbjepewbpnnzt.xjb | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File created | C:\Windows\vpytfxpjzhcncuznllxravhzrlbjepewbpnnzt.xjb | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\jhutjfbztfetmirjlpfd.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ppefxvttpdevqoztxdvvkl.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\vpytfxpjzhcncuzn.exe | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| File opened for modification | C:\Windows\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\wtfdsnifyjhvniqhila.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\cxhdqjcxoxtfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\yxllczwvqddtnkunqvmlz.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\lhspdxrnfpmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jhutjfbztfetmirjlpfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wtfdsnifyjhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jhutjfbztfetmirjlpfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cxhdqjcxoxtfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cxhdqjcxoxtfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jhutjfbztfetmirjlpfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cxhdqjcxoxtfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cxhdqjcxoxtfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jhutjfbztfetmirjlpfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vpytfxpjzhcncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wtfdsnifyjhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jhutjfbztfetmirjlpfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wtfdsnifyjhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wtfdsnifyjhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cxhdqjcxoxtfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wtfdsnifyjhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vpytfxpjzhcncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jhutjfbztfetmirjlpfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vpytfxpjzhcncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vpytfxpjzhcncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cxhdqjcxoxtfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wtfdsnifyjhvniqhila.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe"
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bad3aa8bfd42552d828c35c8202f43f6.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe
"C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe" "-C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe"
C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe
"C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe" "-C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe
C:\Windows\wtfdsnifyjhvniqhila.exe
wtfdsnifyjhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."
C:\Windows\jhutjfbztfetmirjlpfd.exe
jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Windows\yxllczwvqddtnkunqvmlz.exe
yxllczwvqddtnkunqvmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Windows\lhspdxrnfpmzqkrhhj.exe
lhspdxrnfpmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Windows\vpytfxpjzhcncuzn.exe
vpytfxpjzhcncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe
C:\Windows\cxhdqjcxoxtfvouji.exe
cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 173.194.79.91:80 | www.youtube.com | tcp |
| BG | 79.100.45.122:16793 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | detuuqh.org | udp |
| US | 8.8.8.8:53 | rjxwvfmmloj.net | udp |
| US | 8.8.8.8:53 | lrjacuwrec.info | udp |
| US | 8.8.8.8:53 | cyhijmkwvkn.net | udp |
| US | 8.8.8.8:53 | byzbre.net | udp |
| US | 8.8.8.8:53 | ffpuodyw.net | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| LT | 87.239.87.221:29262 | tcp | |
| BG | 77.77.3.145:36703 | tcp | |
| RU | 109.165.72.202:30637 | tcp | |
| US | 8.8.8.8:53 | qvvguqwy.net | udp |
| US | 8.8.8.8:53 | tqqmldigvvrm.net | udp |
| US | 8.8.8.8:53 | hhlinqxejwm.info | udp |
| US | 8.8.8.8:53 | ggkeuoeimsys.org | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | kwhomglks.net | udp |
| US | 8.8.8.8:53 | jbdxqcybnkfv.net | udp |
| US | 8.8.8.8:53 | dqpomu.net | udp |
| US | 8.8.8.8:53 | qcefnd.net | udp |
| US | 8.8.8.8:53 | kuomoskuyqaw.com | udp |
| US | 8.8.8.8:53 | xkcihwt.info | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | gqtsrutbi.net | udp |
| US | 8.8.8.8:53 | snqcldmibk.net | udp |
| US | 8.8.8.8:53 | tszzpm.net | udp |
| US | 8.8.8.8:53 | qscwfvpmj.info | udp |
| US | 8.8.8.8:53 | uvcyeklkwum.info | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | kzjqjtbeoat.net | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | hmtoakcrr.info | udp |
| US | 8.8.8.8:53 | hvcutxbsd.net | udp |
| US | 8.8.8.8:53 | ljlwikvy.net | udp |
| US | 8.8.8.8:53 | qdlueiesmgdm.info | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | sxgjpwnofw.info | udp |
| US | 8.8.8.8:53 | ywyiok.com | udp |
| US | 8.8.8.8:53 | aprrqbrgfo.net | udp |
| US | 8.8.8.8:53 | xltjikzrnbiv.info | udp |
| US | 8.8.8.8:53 | kcikiif.net | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | dukqpwc.net | udp |
| US | 8.8.8.8:53 | uwskqcucgeae.org | udp |
| BG | 79.132.7.223:26281 | tcp | |
| US | 8.8.8.8:53 | pwhivbmuxm.net | udp |
| US | 8.8.8.8:53 | qqyonvx.net | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | pxaqhlvf.info | udp |
| US | 8.8.8.8:53 | ooqmwieg.com | udp |
| US | 8.8.8.8:53 | billlykfirwu.info | udp |
| US | 8.8.8.8:53 | rzoygmqiagj.info | udp |
| US | 8.8.8.8:53 | dqhsaodihvjl.net | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | mkiucyae.com | udp |
| US | 8.8.8.8:53 | inemtyoik.info | udp |
| US | 8.8.8.8:53 | bburnktebyz.info | udp |
| US | 8.8.8.8:53 | ootwgsd.info | udp |
| US | 8.8.8.8:53 | akymec.org | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | kqhvlaugrww.net | udp |
| US | 8.8.8.8:53 | naladfnaojom.info | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | uewafwvofqr.net | udp |
| US | 8.8.8.8:53 | pqnnrqc.info | udp |
| US | 8.8.8.8:53 | uevzujipdr.info | udp |
| US | 8.8.8.8:53 | hihkjf.info | udp |
| US | 8.8.8.8:53 | yekukswukw.org | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | fgunse.net | udp |
| US | 8.8.8.8:53 | agcacqwmeacc.com | udp |
| US | 8.8.8.8:53 | cugeucem.com | udp |
| US | 8.8.8.8:53 | sibcnuvoakm.info | udp |
| US | 8.8.8.8:53 | goqsmekciamo.org | udp |
| US | 8.8.8.8:53 | ggdgkkaed.net | udp |
| US | 8.8.8.8:53 | igijeycxxkk.info | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | przcykr.org | udp |
| US | 8.8.8.8:53 | quwimm.org | udp |
| US | 8.8.8.8:53 | nszfcnvfga.net | udp |
| US | 8.8.8.8:53 | mgwyuomsog.org | udp |
| US | 8.8.8.8:53 | wpevavgpvfsr.net | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | dgxycwogi.net | udp |
| US | 8.8.8.8:53 | carixf.net | udp |
| US | 8.8.8.8:53 | lihipchan.net | udp |
| US | 8.8.8.8:53 | uwmslwnyxgf.info | udp |
| US | 8.8.8.8:53 | sekuolepqh.info | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | xuzkxux.org | udp |
| US | 8.8.8.8:53 | gpyccbuoncou.net | udp |
| US | 8.8.8.8:53 | gtpvpc.info | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | weymbph.net | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | tkzcae.info | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | tcrmrfipd.com | udp |
| US | 8.8.8.8:53 | akfdfmvwa.net | udp |
| US | 8.8.8.8:53 | bwychid.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | mhggkwhmb.info | udp |
| US | 8.8.8.8:53 | jkzghqo.info | udp |
| US | 8.8.8.8:53 | wgdfkfka.info | udp |
| US | 8.8.8.8:53 | cnuwna.net | udp |
| US | 8.8.8.8:53 | zclmvyqah.com | udp |
| US | 8.8.8.8:53 | souabqs.net | udp |
| US | 8.8.8.8:53 | amfqrrz.net | udp |
| US | 8.8.8.8:53 | fbvltosyp.net | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| BG | 85.130.98.94:29528 | tcp | |
| US | 8.8.8.8:53 | ucfsjxe.net | udp |
| US | 8.8.8.8:53 | kmaeiocsskqm.com | udp |
| US | 8.8.8.8:53 | ogkekbm.net | udp |
| US | 8.8.8.8:53 | lyzefe.info | udp |
| US | 8.8.8.8:53 | saqanjt.info | udp |
| US | 8.8.8.8:53 | fkqizmxnir.info | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | iodiwolya.net | udp |
| US | 8.8.8.8:53 | nupfbooi.net | udp |
| US | 8.8.8.8:53 | cqqqoy.com | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | yqvquelp.info | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | kyolaqhttyrg.info | udp |
| US | 8.8.8.8:53 | lbdimib.org | udp |
| US | 8.8.8.8:53 | qwomamyiks.org | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | hutqhda.info | udp |
| US | 8.8.8.8:53 | awtgncpwdlk.info | udp |
| US | 8.8.8.8:53 | wihltvtnb.info | udp |
| US | 8.8.8.8:53 | guppwdc.net | udp |
| US | 8.8.8.8:53 | aluexu.info | udp |
| US | 8.8.8.8:53 | bwdxfsygfuh.info | udp |
| US | 8.8.8.8:53 | bldofskov.com | udp |
| US | 8.8.8.8:53 | suoycxzyvmxp.net | udp |
| US | 8.8.8.8:53 | cplxird.info | udp |
| BG | 93.155.147.247:43855 | tcp | |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | jcoanpvcvvo.com | udp |
| US | 8.8.8.8:53 | baptqjdo.info | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | fopgxpaecr.net | udp |
| US | 8.8.8.8:53 | ijpdptcadxoj.info | udp |
| US | 8.8.8.8:53 | cghwxt.info | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | hkdavivwtch.net | udp |
| US | 8.8.8.8:53 | uoyjrxw.net | udp |
| US | 8.8.8.8:53 | qkesja.info | udp |
| US | 8.8.8.8:53 | fqtifgu.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | rhulahwnvary.net | udp |
| US | 8.8.8.8:53 | ytfyepta.info | udp |
| US | 8.8.8.8:53 | wqioqcsciu.org | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | flrosx.info | udp |
| US | 8.8.8.8:53 | tznlxz.net | udp |
| US | 8.8.8.8:53 | ftkslr.info | udp |
| US | 8.8.8.8:53 | phiezkhxdu.info | udp |
| US | 8.8.8.8:53 | oarcxgnyt.info | udp |
| US | 8.8.8.8:53 | rszkipwwdwpt.info | udp |
| BG | 95.42.121.150:38992 | tcp | |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | cyooug.org | udp |
| US | 8.8.8.8:53 | lsbmfep.net | udp |
| US | 8.8.8.8:53 | rrpmox.info | udp |
| US | 8.8.8.8:53 | xqwodajmdx.net | udp |
| US | 8.8.8.8:53 | bclizwt.org | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | veppoi.net | udp |
| US | 8.8.8.8:53 | vgogwut.com | udp |
| US | 8.8.8.8:53 | wazblhhxoq.net | udp |
| US | 8.8.8.8:53 | yavcdinavym.info | udp |
| US | 8.8.8.8:53 | weookeomeuee.org | udp |
| US | 8.8.8.8:53 | cmyubgz.net | udp |
| US | 8.8.8.8:53 | gzbpdojmiphe.info | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | mqmqekowuyye.com | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | soxwvft.net | udp |
| US | 8.8.8.8:53 | bbnakkn.com | udp |
| US | 8.8.8.8:53 | xyhjstljxe.info | udp |
| US | 8.8.8.8:53 | zulskgb.net | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | pgvffkj.org | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | suvohrj.net | udp |
| US | 8.8.8.8:53 | tppgqgwlpzeq.net | udp |
| US | 8.8.8.8:53 | oiwezgjpuxf.net | udp |
| US | 8.8.8.8:53 | qeuutywuscv.net | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | psieeafcv.org | udp |
| US | 8.8.8.8:53 | pmlfklz.info | udp |
| US | 88.216.18.28:28446 | tcp | |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | pexlzxjcbx.net | udp |
| US | 8.8.8.8:53 | nlzqiqtgp.info | udp |
| US | 8.8.8.8:53 | bctuhmd.net | udp |
| US | 8.8.8.8:53 | xxquxqig.info | udp |
| US | 8.8.8.8:53 | yfqfpnztoxwv.info | udp |
| US | 8.8.8.8:53 | rlcaqtjxn.org | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | xcjzueqrllgo.net | udp |
| US | 8.8.8.8:53 | omccywoaku.org | udp |
| US | 8.8.8.8:53 | hrjitwegdkv.com | udp |
| US | 8.8.8.8:53 | arppzkmmrl.net | udp |
| US | 8.8.8.8:53 | qqdzztokd.info | udp |
| US | 8.8.8.8:53 | agkuowysmswg.org | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | hkbkoek.info | udp |
| US | 8.8.8.8:53 | pmoogx.info | udp |
| US | 8.8.8.8:53 | ngjstb.info | udp |
| US | 8.8.8.8:53 | copivz.info | udp |
| US | 8.8.8.8:53 | aygooswwiqsu.org | udp |
| US | 8.8.8.8:53 | wspcry.info | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | yuesusyg.org | udp |
| US | 8.8.8.8:53 | otjvbwwefeho.net | udp |
| US | 8.8.8.8:53 | cyumqccaee.com | udp |
| US | 8.8.8.8:53 | fljbfrbtshgk.net | udp |
| US | 8.8.8.8:53 | jtuyaihbdt.info | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | pcmhayqbo.com | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | fqnnwhnr.net | udp |
| US | 8.8.8.8:53 | tzzkqyxqz.com | udp |
| US | 8.8.8.8:53 | riwxreh.com | udp |
| US | 8.8.8.8:53 | vqjxaaxs.net | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | pzhkukrbdlhw.net | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | nfdrew.info | udp |
| US | 8.8.8.8:53 | lypsnjvdz.info | udp |
| US | 8.8.8.8:53 | vmpdfhauxe.info | udp |
| US | 8.8.8.8:53 | ajjpwophf.net | udp |
| US | 8.8.8.8:53 | mdqjhkdomv.info | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | pmdzyeveudma.info | udp |
| BG | 212.75.19.125:39027 | tcp | |
| US | 8.8.8.8:53 | lfnoredc.info | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | lizzpdnwj.info | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | vkueqobg.net | udp |
| US | 8.8.8.8:53 | volbvovv.info | udp |
| US | 8.8.8.8:53 | kupcxmpgb.net | udp |
| US | 8.8.8.8:53 | jkjerwwiu.net | udp |
| US | 8.8.8.8:53 | eyeqbekc.info | udp |
| US | 8.8.8.8:53 | nwtwdgd.net | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | yeaehszetla.info | udp |
| US | 8.8.8.8:53 | dkjxdlyr.net | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | elixqyege.net | udp |
| US | 8.8.8.8:53 | nkcguckxgm.net | udp |
| US | 8.8.8.8:53 | vebqddj.net | udp |
| US | 8.8.8.8:53 | brzxrzokre.info | udp |
| US | 8.8.8.8:53 | qycooauamgkq.com | udp |
| US | 8.8.8.8:53 | aiwmqyoeaq.org | udp |
| US | 8.8.8.8:53 | okoqguyeaqsm.org | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | lxdsvonj.info | udp |
| US | 8.8.8.8:53 | ccqgsg.org | udp |
| US | 8.8.8.8:53 | fyhcouhsdje.com | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | iqmktwxcv.net | udp |
| US | 8.8.8.8:53 | bcesjz.net | udp |
| US | 8.8.8.8:53 | puaqbshsmsu.info | udp |
| US | 8.8.8.8:53 | isdmqwn.info | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | btaylqe.net | udp |
| US | 8.8.8.8:53 | ydhydipwe.net | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | vwsqskcuszjg.info | udp |
| US | 8.8.8.8:53 | sociouuiieku.org | udp |
| US | 8.8.8.8:53 | ococwc.com | udp |
| US | 8.8.8.8:53 | mvtjdm.net | udp |
| US | 8.8.8.8:53 | byvhdu.net | udp |
| US | 8.8.8.8:53 | wuvylbxd.net | udp |
| US | 8.8.8.8:53 | xjnhhaldac.net | udp |
| US | 8.8.8.8:53 | rfyzqvxq.info | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| ES | 79.116.184.123:13399 | tcp | |
| US | 8.8.8.8:53 | cqbexrvwvar.net | udp |
| US | 8.8.8.8:53 | lpiyvvfrngx.com | udp |
| US | 8.8.8.8:53 | ouwjpwd.net | udp |
| US | 8.8.8.8:53 | cjhzmj.net | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | kyagwswe.org | udp |
| US | 8.8.8.8:53 | gkdyligxn.net | udp |
| US | 8.8.8.8:53 | vcekrzma.net | udp |
| US | 8.8.8.8:53 | hzfisydtac.net | udp |
| US | 8.8.8.8:53 | gcqowmwskw.org | udp |
| US | 8.8.8.8:53 | tyechxkip.net | udp |
| US | 8.8.8.8:53 | qcfwyobyswu.info | udp |
| US | 8.8.8.8:53 | oidodxtwswct.info | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | pqhvrgd.org | udp |
| US | 8.8.8.8:53 | swegnosgwz.net | udp |
| US | 8.8.8.8:53 | bmospulyl.org | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | gkkgckcycm.com | udp |
| US | 8.8.8.8:53 | xshutkx.net | udp |
| US | 8.8.8.8:53 | ixzzrixpmqsq.info | udp |
| US | 8.8.8.8:53 | jksykdd.com | udp |
| US | 8.8.8.8:53 | gbkqmyielmd.net | udp |
| US | 8.8.8.8:53 | bdvvsjdl.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | eoezdb.net | udp |
| US | 8.8.8.8:53 | hxgrdpm.info | udp |
| US | 8.8.8.8:53 | gebeoqildwl.net | udp |
| US | 8.8.8.8:53 | tzbzxqnnrd.info | udp |
| US | 8.8.8.8:53 | ezdhnefp.info | udp |
| US | 8.8.8.8:53 | ycggmssmvrf.net | udp |
| US | 8.8.8.8:53 | hdoiscnaii.net | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | oqvrlsb.info | udp |
| US | 8.8.8.8:53 | flbeewlil.info | udp |
| US | 8.8.8.8:53 | zkhidfqrrkh.com | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | qpttpgigjh.net | udp |
| US | 8.8.8.8:53 | rglmrwgr.net | udp |
| US | 8.8.8.8:53 | cptqnujiv.info | udp |
| US | 8.8.8.8:53 | cunzzsfay.info | udp |
| US | 8.8.8.8:53 | oydcvapezglx.info | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | qmzxfv.info | udp |
| US | 8.8.8.8:53 | kupqvcbokgx.info | udp |
| US | 8.8.8.8:53 | igbnznvj.net | udp |
| US | 8.8.8.8:53 | vqryfrsen.org | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | azxknakvts.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | ckkwgcsk.com | udp |
| US | 8.8.8.8:53 | cijrvhnwmen.net | udp |
| US | 8.8.8.8:53 | llnhsvyvmsjo.info | udp |
| US | 8.8.8.8:53 | oksywseq.com | udp |
| US | 8.8.8.8:53 | wzjmrobem.net | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | hqmdvk.net | udp |
| US | 8.8.8.8:53 | pizyxbfml.com | udp |
| US | 8.8.8.8:53 | rprbiojh.info | udp |
| US | 8.8.8.8:53 | raxvlgucm.info | udp |
| US | 8.8.8.8:53 | eogouocqiqcy.org | udp |
| US | 8.8.8.8:53 | tcpbkuj.net | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | zupozbuyzc.info | udp |
| US | 8.8.8.8:53 | fljqrqzil.org | udp |
| US | 8.8.8.8:53 | cbpwoix.info | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | xtrnbgrnsns.info | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | qodnzirciqss.net | udp |
| US | 8.8.8.8:53 | syxdtrtrobky.info | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | rppwyefwfjxp.net | udp |
| US | 8.8.8.8:53 | vujpluryrytu.net | udp |
| US | 8.8.8.8:53 | kijpuszykgyc.net | udp |
| LT | 78.57.185.245:13035 | tcp | |
| US | 8.8.8.8:53 | bwtbrciotmkl.net | udp |
| US | 8.8.8.8:53 | lksakezug.com | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | casucogiqsma.com | udp |
| US | 8.8.8.8:53 | motrotee.info | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | cqvqym.net | udp |
| US | 8.8.8.8:53 | uapgincf.info | udp |
| US | 8.8.8.8:53 | edlseww.net | udp |
| US | 8.8.8.8:53 | yrhglc.info | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | njgctdffsq.info | udp |
| US | 8.8.8.8:53 | qolchahsp.info | udp |
| US | 8.8.8.8:53 | fhldzawwtzj.org | udp |
| US | 8.8.8.8:53 | ernehhjkks.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | zcpodcx.com | udp |
| US | 8.8.8.8:53 | ofhethwi.info | udp |
| US | 8.8.8.8:53 | ggxhdaklt.net | udp |
| US | 8.8.8.8:53 | qzzcfouwmbqd.net | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | wkgmbuz.info | udp |
| US | 8.8.8.8:53 | zbleezv.info | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | cagqicuskuyi.org | udp |
| US | 8.8.8.8:53 | urredvxxwsm.info | udp |
| US | 8.8.8.8:53 | ogjcfug.net | udp |
| US | 8.8.8.8:53 | sfcwlwr.net | udp |
| US | 8.8.8.8:53 | tkjokbyoxlv.org | udp |
| US | 8.8.8.8:53 | dktizmgfn.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | lmzlkmt.org | udp |
| US | 8.8.8.8:53 | dshyudqln.info | udp |
| US | 8.8.8.8:53 | tfljbyun.net | udp |
| US | 8.8.8.8:53 | vlgxccluan.net | udp |
| US | 8.8.8.8:53 | cqyfdmlhgpla.net | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | ocfjydrxf.info | udp |
| US | 8.8.8.8:53 | birxqewzma.info | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | zmbvzpwrxatd.net | udp |
| US | 8.8.8.8:53 | wsyelgbqlzh.net | udp |
| US | 8.8.8.8:53 | ddxghgl.org | udp |
| US | 8.8.8.8:53 | sqyieggqoy.org | udp |
| US | 8.8.8.8:53 | qsemsecseuqy.com | udp |
| US | 8.8.8.8:53 | oesobnowdot.net | udp |
| US | 8.8.8.8:53 | omgommbnjsx.info | udp |
| US | 8.8.8.8:53 | vxubdlgw.info | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | pfrlvq.net | udp |
| US | 8.8.8.8:53 | karyrsdkv.net | udp |
| US | 8.8.8.8:53 | togiytqvxo.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | hkxcttgiv.info | udp |
| US | 8.8.8.8:53 | pcvyjavzm.net | udp |
| US | 8.8.8.8:53 | byvsfw.info | udp |
| US | 8.8.8.8:53 | yiikac.com | udp |
| US | 8.8.8.8:53 | putkrobes.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | kqboduj.net | udp |
| MD | 95.153.98.116:37089 | tcp | |
| US | 8.8.8.8:53 | kqeesyyegiqy.org | udp |
| US | 8.8.8.8:53 | bxawzc.net | udp |
| US | 8.8.8.8:53 | cokwaossewus.org | udp |
| US | 8.8.8.8:53 | iyiusqii.com | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | yzvuwpd.info | udp |
| US | 8.8.8.8:53 | teybpyfil.net | udp |
| US | 8.8.8.8:53 | tiqywtur.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | aloukfplgexl.info | udp |
| US | 8.8.8.8:53 | tcpicwzse.net | udp |
| US | 8.8.8.8:53 | ilfkhurwrcu.info | udp |
| US | 8.8.8.8:53 | kxrlfpdyrsn.info | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | bbebhywzhp.info | udp |
| US | 8.8.8.8:53 | uwewokkkao.com | udp |
| US | 8.8.8.8:53 | ybdxxpjz.net | udp |
| US | 8.8.8.8:53 | bskyxfxcvx.info | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | yywgyyiomioa.org | udp |
| US | 8.8.8.8:53 | qsmcqkuy.org | udp |
| US | 8.8.8.8:53 | cgqysyyycooa.com | udp |
| US | 8.8.8.8:53 | sgrptsiotd.net | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | bubengz.org | udp |
| BG | 213.214.73.99:33325 | tcp | |
| US | 8.8.8.8:53 | kwnjyk.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | ybvbbomur.net | udp |
| US | 8.8.8.8:53 | raonpbn.com | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | vkformz.org | udp |
| US | 8.8.8.8:53 | ycaqma.info | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | cqkdpulihwv.net | udp |
| US | 8.8.8.8:53 | qkpahbpwkohq.net | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | gztnchhmn.info | udp |
| US | 8.8.8.8:53 | lwokfznop.net | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | rvwmedlpng.net | udp |
| US | 8.8.8.8:53 | abzmrur.net | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | guaicuseig.com | udp |
| BG | 151.252.195.88:28108 | tcp | |
| US | 8.8.8.8:53 | wijayyfmvwp.info | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | ccdlanznha.info | udp |
| US | 8.8.8.8:53 | xvxshcnh.info | udp |
| US | 8.8.8.8:53 | bvewfg.info | udp |
| US | 8.8.8.8:53 | ejfqvexqvaz.net | udp |
| US | 8.8.8.8:53 | rxvtluqezlfu.info | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | neopaj.net | udp |
| US | 8.8.8.8:53 | wmypdahtb.info | udp |
| US | 8.8.8.8:53 | mlldatlb.info | udp |
| US | 8.8.8.8:53 | vcnqbqj.com | udp |
| US | 8.8.8.8:53 | dbtktxwheu.info | udp |
| US | 8.8.8.8:53 | pitcatmjnwbw.net | udp |
| US | 8.8.8.8:53 | qiikcu.com | udp |
| US | 8.8.8.8:53 | zrlebnrwhvjr.info | udp |
| US | 8.8.8.8:53 | frhaphb.org | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | rydxdjt.com | udp |
| US | 8.8.8.8:53 | jkaclwtsb.org | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | iutjjvxez.info | udp |
| US | 8.8.8.8:53 | shhelgbyjuh.info | udp |
| US | 8.8.8.8:53 | cpfyjqzd.net | udp |
| US | 8.8.8.8:53 | kwukgwsk.com | udp |
| US | 8.8.8.8:53 | xmvyhuzej.net | udp |
| US | 8.8.8.8:53 | fzrgbhzd.net | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | pmbszbxetsu.net | udp |
| US | 8.8.8.8:53 | pdosssrvyq.info | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | vquxweyer.net | udp |
| BG | 109.199.143.142:22090 | tcp | |
| US | 8.8.8.8:53 | teliagm.net | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | vtpvzvyr.net | udp |
| US | 8.8.8.8:53 | glwzncdjh.info | udp |
| US | 8.8.8.8:53 | vfcvslibyr.info | udp |
| US | 8.8.8.8:53 | yxtajncqyh.net | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | ukxhtwnlp.info | udp |
| US | 8.8.8.8:53 | bdjiqacqitd.com | udp |
| US | 8.8.8.8:53 | rpkhucjyjspv.net | udp |
| US | 8.8.8.8:53 | ydyofq.info | udp |
| US | 8.8.8.8:53 | ooioxax.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | tstivv.net | udp |
| US | 8.8.8.8:53 | nnfseh.info | udp |
| US | 8.8.8.8:53 | kfbytknb.info | udp |
| US | 8.8.8.8:53 | tngambyjl.com | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | xapkosvswcc.info | udp |
| US | 8.8.8.8:53 | arnimu.info | udp |
| US | 8.8.8.8:53 | ctkipoxh.info | udp |
| US | 8.8.8.8:53 | jspyhddg.info | udp |
| US | 8.8.8.8:53 | qqtynwr.info | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | tkhgpiicd.info | udp |
| US | 8.8.8.8:53 | cmtuzie.info | udp |
| US | 8.8.8.8:53 | dengxfrwxu.info | udp |
| US | 8.8.8.8:53 | hunimbzohgb.org | udp |
| US | 8.8.8.8:53 | xiydxik.com | udp |
| US | 8.8.8.8:53 | zshnjlaoxzju.net | udp |
| US | 8.8.8.8:53 | dmtqahrupfa.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | hmvucwy.info | udp |
| US | 8.8.8.8:53 | nmrmhfg.com | udp |
| BG | 46.10.166.119:35540 | tcp | |
| US | 8.8.8.8:53 | wshejppov.info | udp |
| US | 8.8.8.8:53 | pwclvhkpxs.info | udp |
| US | 8.8.8.8:53 | usicsmssoc.org | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | xtyfxsdfxufx.net | udp |
| US | 8.8.8.8:53 | hujwdm.info | udp |
| US | 8.8.8.8:53 | lziwcdgkyknr.net | udp |
| US | 8.8.8.8:53 | wqnnrirwb.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | dyvjmt.net | udp |
| US | 8.8.8.8:53 | kzdnojsn.info | udp |
| US | 8.8.8.8:53 | rugencdg.net | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | qweejur.info | udp |
| US | 8.8.8.8:53 | ncdknip.net | udp |
| US | 8.8.8.8:53 | ociaagii.com | udp |
| US | 8.8.8.8:53 | xglqwgp.net | udp |
| US | 8.8.8.8:53 | qgvvvu.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | ueeyqq.org | udp |
| US | 8.8.8.8:53 | indafalddzkq.net | udp |
| US | 8.8.8.8:53 | gxforcnsesz.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | eapimys.info | udp |
| US | 8.8.8.8:53 | wqyfvumvbc.info | udp |
| US | 8.8.8.8:53 | tmarfexmj.info | udp |
| US | 8.8.8.8:53 | jcyxvlfeh.info | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | ekfhnapvvq.net | udp |
| US | 8.8.8.8:53 | aiyqkoqu.com | udp |
| US | 8.8.8.8:53 | pkzpzdxg.info | udp |
| US | 8.8.8.8:53 | dmrhnwbn.info | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | fkginjzudyn.com | udp |
| US | 8.8.8.8:53 | lpdcrf.net | udp |
| US | 8.8.8.8:53 | uylylcygr.net | udp |
| US | 8.8.8.8:53 | mpzehrha.info | udp |
| US | 8.8.8.8:53 | amvzinfdpif.net | udp |
| US | 8.8.8.8:53 | owfkew.info | udp |
| US | 8.8.8.8:53 | apqefktc.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | yyyoykcckiey.org | udp |
| US | 8.8.8.8:53 | bktgmtvjwdp.org | udp |
| US | 8.8.8.8:53 | xtesyey.org | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | hirugivrcvk.info | udp |
| US | 8.8.8.8:53 | nlfmnuipisot.info | udp |
| US | 8.8.8.8:53 | ogwcgeoo.com | udp |
| US | 8.8.8.8:53 | svumqehfhuhv.net | udp |
| US | 8.8.8.8:53 | mqcwpgd.net | udp |
| US | 8.8.8.8:53 | gikckgciiu.org | udp |
| BG | 46.237.97.135:13081 | tcp | |
| US | 8.8.8.8:53 | javxohqgzbfd.info | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | uytwawzc.info | udp |
| US | 8.8.8.8:53 | lurgxqw.net | udp |
| US | 8.8.8.8:53 | wdgdbextgsho.net | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | smqgio.org | udp |
| US | 8.8.8.8:53 | ocmwddbf.net | udp |
| US | 8.8.8.8:53 | uxhdce.net | udp |
| US | 8.8.8.8:53 | brxpsabpfo.info | udp |
| US | 8.8.8.8:53 | szpvet.net | udp |
| US | 8.8.8.8:53 | lnoibcb.net | udp |
| US | 8.8.8.8:53 | prqqjtdt.info | udp |
| US | 8.8.8.8:53 | hqnxzcrham.info | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | yiosqu.com | udp |
| US | 8.8.8.8:53 | mqfbpujxnxt.net | udp |
| US | 8.8.8.8:53 | xrkrou.net | udp |
| US | 8.8.8.8:53 | kszbzats.net | udp |
| US | 8.8.8.8:53 | oroqjojtbbfj.info | udp |
| US | 8.8.8.8:53 | ouhbpaxowd.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | ohrufoh.net | udp |
| US | 8.8.8.8:53 | osxjpskd.info | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | bvzvppdlyb.info | udp |
| US | 8.8.8.8:53 | gtazjkbyrcjc.net | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | yylkvpptlo.info | udp |
| US | 8.8.8.8:53 | eaeame.org | udp |
| US | 8.8.8.8:53 | tjizle.info | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| LT | 78.58.58.132:27706 | tcp | |
| US | 8.8.8.8:53 | oashxx.info | udp |
| US | 8.8.8.8:53 | rypinkujvsh.net | udp |
| US | 8.8.8.8:53 | hwclyifovyw.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | ayshuy.info | udp |
| US | 8.8.8.8:53 | gehivkikbww.info | udp |
| US | 8.8.8.8:53 | evqvyqznbs.info | udp |
| US | 8.8.8.8:53 | lqnblqcibsy.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | cscgmmwmas.org | udp |
| US | 8.8.8.8:53 | xiuxioldgwuf.info | udp |
| US | 8.8.8.8:53 | uucaoiauuyys.com | udp |
| US | 8.8.8.8:53 | aazjaeqqkun.net | udp |
| US | 8.8.8.8:53 | ostbaefw.info | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | dxlypnr.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | agsmgg.org | udp |
| US | 8.8.8.8:53 | woawvtpkpyh.net | udp |
| US | 8.8.8.8:53 | hewmikl.info | udp |
| US | 8.8.8.8:53 | vsosruqrjzox.net | udp |
| US | 8.8.8.8:53 | kyfhtkndoc.net | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | hvahse.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | bzndqwue.info | udp |
| US | 8.8.8.8:53 | emiggyauyuki.org | udp |
| US | 8.8.8.8:53 | ztaybpovfv.net | udp |
| US | 8.8.8.8:53 | hmrillnldccx.info | udp |
| US | 8.8.8.8:53 | wngdyu.info | udp |
| US | 8.8.8.8:53 | ujfjhnly.info | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | vorsvulswmce.info | udp |
| US | 8.8.8.8:53 | rtctdafrtt.info | udp |
| US | 8.8.8.8:53 | btlzhd.net | udp |
| US | 8.8.8.8:53 | qseyioyqau.com | udp |
| US | 8.8.8.8:53 | amgqrzncbkwo.net | udp |
| US | 8.8.8.8:53 | suwaqomqye.com | udp |
| US | 8.8.8.8:53 | nogykqskujfb.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | ivhcjwzxop.net | udp |
| US | 8.8.8.8:53 | bavneaoeve.net | udp |
| US | 8.8.8.8:53 | lmskkud.net | udp |
| US | 8.8.8.8:53 | hexhmh.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | jjoajilixl.net | udp |
| US | 8.8.8.8:53 | ojrszqyplj.net | udp |
| US | 8.8.8.8:53 | oixgnbrn.info | udp |
| US | 8.8.8.8:53 | elpifj.info | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | ohqebyiw.net | udp |
| US | 8.8.8.8:53 | aycdgmiaup.net | udp |
| US | 8.8.8.8:53 | nlatpmzwnof.net | udp |
| US | 8.8.8.8:53 | uokxdqpa.net | udp |
| US | 8.8.8.8:53 | hzfzowhc.net | udp |
| US | 8.8.8.8:53 | owgmcwl.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | amtmskhhpat.net | udp |
| US | 8.8.8.8:53 | cusculql.info | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| MD | 109.185.142.42:35815 | tcp | |
| US | 8.8.8.8:53 | awditowad.info | udp |
| US | 8.8.8.8:53 | mgdyrkson.net | udp |
| US | 8.8.8.8:53 | bkbouhrwjtik.net | udp |
| US | 8.8.8.8:53 | ksrydraoogck.info | udp |
| US | 8.8.8.8:53 | vcmwlyrgs.net | udp |
| US | 8.8.8.8:53 | djanychncjor.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | yafppj.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | fetidsj.org | udp |
| US | 8.8.8.8:53 | flhwfgxermks.net | udp |
| US | 8.8.8.8:53 | uobgrch.net | udp |
| US | 8.8.8.8:53 | npitjyniz.com | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | nmtatczonat.info | udp |
| US | 8.8.8.8:53 | yhhkzehxb.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
| MD5 | edc443a01eae017b205529f71d9bbd75 |
| SHA1 | 028522b9b5ed1d14bb20955e4b2cb2b2f340037e |
| SHA256 | 0e90aa289f66161994bf43ee96474fb76e2638e3645f4634e45c181131ef4541 |
| SHA512 | 7404166be1675f8a96d0f7886f41bba267e456d298227a93d6c0e79e77dc27bc8c5f66cfde14322f3cb1dfb5645b78c475fa7e92cbd95e48516be21adc6b8913 |
C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe
| MD5 | bad3aa8bfd42552d828c35c8202f43f6 |
| SHA1 | 8e4baedd28bfa1b0cad3643a3dee24449a0a1df9 |
| SHA256 | 395f67fccccbea1c99cb243f2ff7994bfc211a19b3e3b583be219265b060d828 |
| SHA512 | ec58caa9b81e0f590f38b2592fab525b2f1efd3ab7fe89009dfc6bf8cf35c713d487f2ae9038175545261e3071901ec82699e302b07159de0543727c8a430421 |
C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe
| MD5 | e92f9595f72b20c9d968f9bf2a9690eb |
| SHA1 | 46262e2f27699229b28f6e37ecad434a713335eb |
| SHA256 | b958879dba42160566a237c89fc577c9e50f08bb8d8928706cee249c00fe663a |
| SHA512 | 12208838475338c614951e466db0b94ba78c38d92e2ae02ae70e18ebbc39a76401decb30b109d6c56175112bdcefe3d9fca6b8a0c0f177d44af30d200d5c0914 |
C:\Users\Admin\AppData\Local\yhfpqxenspzzdkehujktrbcjqze.llp
| MD5 | a753c7ab968fc71dbbd9004d96da3a05 |
| SHA1 | c8c59d8f42312dd5a7895ee4d1b2af58ddd4cd3a |
| SHA256 | 00452d65c02da6181ff0ddc28adb5700717c930e4945b36ec26e14b7951b4605 |
| SHA512 | 47e3923e9c79e207dc6aa76d018907acec6101e5c5b728d0a0ad57428ea000eb8ee6ed27d27876ce8bf0591688b17bbeae5dd866167f9c2efcf932dbfb2d87ca |
C:\Users\Admin\AppData\Local\vpytfxpjzhcncuznllxravhzrlbjepewbpnnzt.xjb
| MD5 | 805ad68345efdb7a9aaa4e078ac70dc8 |
| SHA1 | df8e62eb2fcfb29a101840473271f0f0d547aa0d |
| SHA256 | 41728293d0271a6fa4fd4c8594df7ea2e642431a4228cacb93933adb426e498c |
| SHA512 | a6edaf119b9f4472226e5eea628b00908779b3ae3faead4845debc790ea162140c7c59518ff32438019186cc082db174b1aa2d2ece80dd5c0f5b0ac82f3f431f |
C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp
| MD5 | 21600d07ef36416b4a45d352784349cb |
| SHA1 | f89ac7afe8754d3960312ac0211fa2a8df196887 |
| SHA256 | c2195d329deaaa73fa9160b9d5b35c1048d51a23d1055e9e793d3abb95bccbe6 |
| SHA512 | 29ebf1392461e6c564a101d835b6ac202bbefe9221af21c4bf54b469def30535496457128f1e1950070b40ab8234c2da01d0f865b70ddbfd109ea1c05b479585 |
C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp
| MD5 | 75c0ef275bdb91630194f2a43ad71dc5 |
| SHA1 | 9a30ae72d596f26a8755d4666b3221cdacbb493f |
| SHA256 | b6421523d3586a0aad947f398406995ba7e4227cc34d7f550062387a489a58bb |
| SHA512 | 324f32ead5154d8d6f11c36af8da3446e6b7988f0488c346ce139844dbf5d0f6c95d5fc8be9e9bc37aa59070cc1534081878b6b2c7c412c683909b9a14acb092 |
C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp
| MD5 | d5ffbef2279801c8cd8c6dd6f343bec1 |
| SHA1 | 5b1b2cbc8fcc2fcc3882eb173b0ced764c6c338a |
| SHA256 | bfba5f0a197ac704828e034e8f8c825fd9338aa036f9bbe4f512ca030d8b433d |
| SHA512 | 9612493fc46fee9fe07401219949718cc9d61f09fb398abdad106b1034209217aea1c0a5020314c84edcc53506dbf28783bbf1e7db49884c4a7dfd44969c8a3b |
C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp
| MD5 | ab638622cb533da9fe836b1458140cf8 |
| SHA1 | cb198cdc7234b5ab06c157110746c9e152f686b6 |
| SHA256 | 76fb48e6e47343bc5a030b7fa77d196648fb3ca012e059a7b84e0f0f84cde30e |
| SHA512 | 58219f36b4d9d44e981e9893f28998db62b883082578662153ac0d6e15ae95606af11f9f4a2d57aaeac37c0672cb4e95596a750b42d18c14c6eb9e371953423d |
C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp
| MD5 | b22c0e6ca59117185c120924c7dcd2f1 |
| SHA1 | 3ea95f391b7ac752e47095ff6c004569d54fcdfe |
| SHA256 | 4edfec49c3842d76627b78bc5e838a7399f9d44c2ef2ba50412afdc2e765b7ca |
| SHA512 | 9c5586500936fb010512f76c978b6ba068855ae35af13deb3e3472e5d3b659dbf048e3ad3cb71bd34df69d34cd4ad42eba7856ae8e853c6202bed841b8de0133 |
C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp
| MD5 | 662a2990918ae049abe259e844e7bcc8 |
| SHA1 | 49f893412f2405b3784e00d22ef232d81049a673 |
| SHA256 | 3ff1d090c1f1dd16a068e529133c461a79240333f8d30d0cdc78da37bbd82153 |
| SHA512 | 2d76275597a17819b30db0b4c30f1b1687bd1cb1c8d9a17c4a33fa70038a2c51965e9634f4f69788cd8223f1a7ff631581ae56eaa51f161191178c28c7307da1 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-17 19:26
Reported
2025-04-17 19:29
Platform
win11-20250410-en
Max time kernel
40s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "anbsewqazientjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "dvokbyxmqeftezhzyzrjc.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mjn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crnphytuldftezhzyzqfb.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "dvokbyxmqeftezhzyzrjc.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "bricrmjwykjvexdtqpf.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "qfvocwsefqozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "qfvocwsefqozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mjn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zjaxkwmiuhentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "qfvocwsefqozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvokbyxmqeftezhzyzrjc.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nnuhkm = "grjhvizwjxvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "anbsewqazientjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "bricrmjwykjvexdtqpf.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "ofxsiecqtggtdxevttkb.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "bricrmjwykjvexdtqpf.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "anbsewqazientjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvokbyxmqeftezhzyzrjc.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nnuhkm = "anhhxmfetjjvexdtqpe.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "ofxsiecqtggtdxevttkb.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "dvokbyxmqeftezhzyzrjc.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "dvokbyxmqeftezhzyzrjc.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "anbsewqazientjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "ofxsiecqtggtdxevttkb.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvokbyxmqeftezhzyzrjc.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "dvokbyxmqeftezhzyzrjc.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "hvkcpidooyvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "hvkcpidooyvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "anbsewqazientjmz.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\vhukvmfomupxcrt = "ofxsiecqtggtdxevttkb.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvokbyxmqeftezhzyzrjc.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe ." | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\vhukvmfomupxcrt = "ofxsiecqtggtdxevttkb.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "ofxsiecqtggtdxevttkb.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "hvkcpidooyvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\vhukvmfomupxcrt = "dvokbyxmqeftezhzyzrjc.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "bricrmjwykjvexdtqpf.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvokbyxmqeftezhzyzrjc.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe ." | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "anbsewqazientjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "anbsewqazientjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "bricrmjwykjvexdtqpf.exe ." | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cbhtv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbwxoeyyofgtdxevttjx.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "qfvocwsefqozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "qfvocwsefqozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "dvokbyxmqeftezhzyzrjc.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "anbsewqazientjmz.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\trwh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crnphytuldftezhzyzqfb.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvokbyxmqeftezhzyzrjc.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "bricrmjwykjvexdtqpf.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "dvokbyxmqeftezhzyzrjc.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\vhukvmfomupxcrt = "hvkcpidooyvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\vhukvmfomupxcrt = "hvkcpidooyvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "dvokbyxmqeftezhzyzrjc.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "ofxsiecqtggtdxevttkb.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "anbsewqazientjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe ." | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "hvkcpidooyvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "bricrmjwykjvexdtqpf.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\trwh = "anhhxmfetjjvexdtqpe.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "dvokbyxmqeftezhzyzrjc.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "bricrmjwykjvexdtqpf.exe ." | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\vhukvmfomupxcrt = "qfvocwsefqozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "anbsewqazientjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "hvkcpidooyvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "ofxsiecqtggtdxevttkb.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File created | C:\Windows\SysWOW64\vhukvmfomupxcrtfytfreufwpywezhmbdpidp.oep | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vhukvmfomupxcrtfytfreufwpywezhmbdpidp.oep | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File created | C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Program Files (x86)\vhukvmfomupxcrtfytfreufwpywezhmbdpidp.oep | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File created | C:\Program Files (x86)\vhukvmfomupxcrtfytfreufwpywezhmbdpidp.oep | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File created | C:\Windows\uvxcciqobyifzduvdnoprwwcki.scz | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vhukvmfomupxcrtfytfreufwpywezhmbdpidp.oep | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\unhewuukpegvhdmffhatnk.exe | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| File opened for modification | C:\Windows\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\bricrmjwykjvexdtqpf.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\anbsewqazientjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\qfvocwsefqozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ofxsiecqtggtdxevttkb.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hvkcpidooyvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\nbwxoeyyofgtdxevttjx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\qfvocwsefqozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\anbsewqazientjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hvkcpidooyvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\anbsewqazientjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\anbsewqazientjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\anbsewqazientjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bricrmjwykjvexdtqpf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pbutiwomapozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pbutiwomapozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\anbsewqazientjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ofxsiecqtggtdxevttkb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bricrmjwykjvexdtqpf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hvkcpidooyvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hvkcpidooyvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\crnphytuldftezhzyzqfb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bricrmjwykjvexdtqpf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hvkcpidooyvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\crnphytuldftezhzyzqfb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\qfvocwsefqozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zjaxkwmiuhentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\qfvocwsefqozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hvkcpidooyvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ofxsiecqtggtdxevttkb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\anbsewqazientjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dvokbyxmqeftezhzyzrjc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hvkcpidooyvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\anhhxmfetjjvexdtqpe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\anbsewqazientjmz.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\dfiop.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bad3aa8bfd42552d828c35c8202f43f6.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\dfiop.exe
"C:\Users\Admin\AppData\Local\Temp\dfiop.exe" "-C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe"
C:\Users\Admin\AppData\Local\Temp\dfiop.exe
"C:\Users\Admin\AppData\Local\Temp\dfiop.exe" "-C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\qfvocwsefqozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zjaxkwmiuhentjmz.exe
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\zjaxkwmiuhentjmz.exe
zjaxkwmiuhentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crnphytuldftezhzyzqfb.exe .
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Windows\crnphytuldftezhzyzqfb.exe
crnphytuldftezhzyzqfb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\crnphytuldftezhzyzqfb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbutiwomapozhzetpn.exe .
C:\Windows\anhhxmfetjjvexdtqpe.exe
anhhxmfetjjvexdtqpe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Windows\pbutiwomapozhzetpn.exe
pbutiwomapozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe .
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\pbutiwomapozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe
C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\crnphytuldftezhzyzqfb.exe*."
C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe
C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe
C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe
C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\nbwxoeyyofgtdxevttjx.exe*."
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\anhhxmfetjjvexdtqpe.exe
anhhxmfetjjvexdtqpe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbutiwomapozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\pbutiwomapozhzetpn.exe
pbutiwomapozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\pbutiwomapozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Windows\grjhvizwjxvfmdhvq.exe
grjhvizwjxvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe .
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Windows\anhhxmfetjjvexdtqpe.exe
anhhxmfetjjvexdtqpe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anhhxmfetjjvexdtqpe.exe*."
C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\pbutiwomapozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe
C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\zjaxkwmiuhentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\qfvocwsefqozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."
C:\Windows\grjhvizwjxvfmdhvq.exe
grjhvizwjxvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crnphytuldftezhzyzqfb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Windows\crnphytuldftezhzyzqfb.exe
crnphytuldftezhzyzqfb.exe .
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\crnphytuldftezhzyzqfb.exe*."
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe
C:\Windows\nbwxoeyyofgtdxevttjx.exe
nbwxoeyyofgtdxevttjx.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe .
C:\Windows\grjhvizwjxvfmdhvq.exe
grjhvizwjxvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\grjhvizwjxvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\pbutiwomapozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe
C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\zjaxkwmiuhentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\qfvocwsefqozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\qfvocwsefqozhzetpn.exe*."
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbutiwomapozhzetpn.exe
C:\Windows\pbutiwomapozhzetpn.exe
pbutiwomapozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zjaxkwmiuhentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Windows\zjaxkwmiuhentjmz.exe
zjaxkwmiuhentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\zjaxkwmiuhentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe
C:\Windows\nbwxoeyyofgtdxevttjx.exe
nbwxoeyyofgtdxevttjx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbutiwomapozhzetpn.exe .
C:\Windows\pbutiwomapozhzetpn.exe
pbutiwomapozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\pbutiwomapozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe .
C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe
C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anhhxmfetjjvexdtqpe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe
C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe .
C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe
C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\nbwxoeyyofgtdxevttjx.exe*."
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\qfvocwsefqozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crnphytuldftezhzyzqfb.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\crnphytuldftezhzyzqfb.exe
crnphytuldftezhzyzqfb.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crnphytuldftezhzyzqfb.exe .
C:\Windows\crnphytuldftezhzyzqfb.exe
crnphytuldftezhzyzqfb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\crnphytuldftezhzyzqfb.exe*."
C:\Windows\anhhxmfetjjvexdtqpe.exe
anhhxmfetjjvexdtqpe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe .
C:\Windows\grjhvizwjxvfmdhvq.exe
grjhvizwjxvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\grjhvizwjxvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\zjaxkwmiuhentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe
C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\pbutiwomapozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe
C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe
C:\Windows\dvokbyxmqeftezhzyzrjc.exe
dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\qfvocwsefqozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bricrmjwykjvexdtqpf.exe
bricrmjwykjvexdtqpf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\anbsewqazientjmz.exe
anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .
C:\Windows\ofxsiecqtggtdxevttkb.exe
ofxsiecqtggtdxevttkb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .
C:\Windows\qfvocwsefqozhzetpn.exe
qfvocwsefqozhzetpn.exe .
C:\Windows\hvkcpidooyvfmdhvq.exe
hvkcpidooyvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| NL | 142.251.31.191:80 | www.blogger.com | tcp |
| US | 87.120.53.195:27941 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| BG | 85.130.98.94:29528 | tcp | |
| BG | 93.123.124.231:32816 | tcp | |
| MD | 188.237.48.206:33202 | tcp | |
| US | 8.8.8.8:53 | giaiyiskou.org | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| IT | 31.13.210.127:39130 | tcp | |
| US | 8.8.8.8:53 | uzrekbzzxhoz.info | udp |
| US | 8.8.8.8:53 | cddevqxvxax.info | udp |
| ES | 79.112.215.63:44453 | tcp | |
| US | 8.8.8.8:53 | oegaeoau.org | udp |
| BR | 187.38.91.147:19885 | tcp | |
| US | 8.8.8.8:53 | ykhiazzieia.net | udp |
| US | 8.8.8.8:53 | mcsueepqltt.net | udp |
| FR | 130.180.214.117:21926 | tcp | |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | fgefye.net | udp |
| US | 8.8.8.8:53 | guygewecqo.com | udp |
| US | 88.216.2.72:38356 | tcp | |
| US | 8.8.8.8:53 | qcritmnmlwgk.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | fyhcouhsdje.com | udp |
| MK | 31.11.73.177:32437 | tcp | |
| US | 8.8.8.8:53 | gynkzsbmd.info | udp |
| US | 8.8.8.8:53 | pvcgkd.net | udp |
| US | 8.8.8.8:53 | fjaquf.net | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| BR | 177.102.102.110:36937 | tcp | |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | casucogiqsma.com | udp |
| FR | 130.180.214.117:21926 | tcp | |
| US | 8.8.8.8:53 | cscycugm.net | udp |
| US | 8.8.8.8:53 | vqhydndl.info | udp |
| LT | 78.58.58.132:27706 | tcp | |
| US | 8.8.8.8:53 | xursjar.net | udp |
| US | 8.8.8.8:53 | kutjbotdz.info | udp |
| US | 8.8.8.8:53 | eqxijetqi.net | udp |
| BG | 151.252.195.88:28108 | tcp | |
| US | 8.8.8.8:53 | mjpfonuh.net | udp |
| US | 8.8.8.8:53 | pxlqpo.info | udp |
| US | 8.8.8.8:53 | lcrllcboc.info | udp |
| MD | 89.45.3.4:21098 | tcp | |
| US | 8.8.8.8:53 | pcrcnepxpovl.net | udp |
| US | 8.8.8.8:53 | pwclvhkpxs.info | udp |
| US | 8.8.8.8:53 | myjcyrq.info | udp |
| DE | 95.222.249.26:40036 | tcp | |
| US | 8.8.8.8:53 | guqmsk.com | udp |
| US | 8.8.8.8:53 | xmjggax.com | udp |
| RS | 95.86.4.110:24189 | tcp | |
| US | 8.8.8.8:53 | zzwqbkmm.info | udp |
| US | 8.8.8.8:53 | gpdmczd.net | udp |
| US | 8.8.8.8:53 | hdnnowqfmqfv.info | udp |
| US | 8.8.8.8:53 | jlanfvjd.net | udp |
| US | 8.8.8.8:53 | kguszvsmxjjs.net | udp |
| BG | 85.130.3.90:36406 | tcp | |
| US | 8.8.8.8:53 | jaevanxjshlb.net | udp |
| US | 8.8.8.8:53 | ymxxgov.info | udp |
| US | 8.8.8.8:53 | ifemydpptl.net | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | tkrliy.net | udp |
| US | 8.8.8.8:53 | zpfebavnjas.com | udp |
| US | 8.8.8.8:53 | uafaxnf.net | udp |
| US | 8.8.8.8:53 | hkzuehzublk.net | udp |
| US | 8.8.8.8:53 | iwsehix.info | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | mekmgouiim.com | udp |
| US | 8.8.8.8:53 | jbtudo.info | udp |
| US | 8.8.8.8:53 | sjdandkop.info | udp |
| US | 8.8.8.8:53 | gtylhqhg.net | udp |
| US | 8.8.8.8:53 | tsvybadgji.net | udp |
| US | 8.8.8.8:53 | yjfqrphjdu.info | udp |
| US | 8.8.8.8:53 | zevfamxisaz.org | udp |
| US | 8.8.8.8:53 | zefcprxdt.com | udp |
| US | 8.8.8.8:53 | bfskahzr.net | udp |
| US | 8.8.8.8:53 | xoqmmybge.info | udp |
| US | 8.8.8.8:53 | ncsexuj.org | udp |
| US | 8.8.8.8:53 | hwmpymnjfg.info | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | scsuisswquye.org | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | hmthxzzexz.net | udp |
| US | 8.8.8.8:53 | miboaxrk.info | udp |
| US | 8.8.8.8:53 | nbfxyiui.info | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | eepenyzwa.info | udp |
| US | 8.8.8.8:53 | bsdddczxfg.net | udp |
| US | 8.8.8.8:53 | kcvrva.info | udp |
| US | 8.8.8.8:53 | xfsgmpi.info | udp |
| US | 8.8.8.8:53 | hijtqj.info | udp |
| US | 8.8.8.8:53 | myfwieuiduv.net | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | oawmkcqmim.org | udp |
| US | 8.8.8.8:53 | djsdzb.info | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| BG | 77.76.172.6:38620 | tcp | |
| US | 8.8.8.8:53 | cedczqhe.net | udp |
| US | 8.8.8.8:53 | ndnialpy.info | udp |
| US | 8.8.8.8:53 | lejmbdgh.net | udp |
| US | 8.8.8.8:53 | qymmgigqgmmy.com | udp |
| US | 8.8.8.8:53 | dcynemlvinhx.net | udp |
| US | 8.8.8.8:53 | issyeq.com | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | mqgotkyvydwd.net | udp |
| US | 8.8.8.8:53 | tzgsxtz.com | udp |
| US | 8.8.8.8:53 | qlqisbqm.info | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | ughmzwtcrmo.info | udp |
| US | 8.8.8.8:53 | cgswma.info | udp |
| US | 8.8.8.8:53 | ufqtbzkmvnav.net | udp |
| US | 8.8.8.8:53 | xjndxmj.com | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | xvjslyqmk.net | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | oyboclfwi.net | udp |
| US | 8.8.8.8:53 | aoehdvlgy.net | udp |
| US | 8.8.8.8:53 | gohmnitogix.info | udp |
| US | 8.8.8.8:53 | oxxtgggg.net | udp |
| US | 8.8.8.8:53 | hdiyhkbkreb.com | udp |
| US | 8.8.8.8:53 | hwxdacz.org | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | jhzhei.net | udp |
| US | 8.8.8.8:53 | iykdabiu.info | udp |
| US | 8.8.8.8:53 | adnymfvev.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
| MD5 | 54aeff0c4fd8fc2e88e767ac2b0ea55d |
| SHA1 | cc71cb7d188f1bd86a2513ab51b7cf48f40a57ee |
| SHA256 | eb41da70b4797f753d6aa4e320b88eee9936bdad9a2c5a0a4036e077303760d6 |
| SHA512 | d3ef262ec71e24a1f3d515332afe14a2bad30272fbadd5619363fcedcf53dfd7671aea8dd396a03935017235965581cfd2c1acd5d9437654e6d666d35dc31052 |
C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe
| MD5 | bad3aa8bfd42552d828c35c8202f43f6 |
| SHA1 | 8e4baedd28bfa1b0cad3643a3dee24449a0a1df9 |
| SHA256 | 395f67fccccbea1c99cb243f2ff7994bfc211a19b3e3b583be219265b060d828 |
| SHA512 | ec58caa9b81e0f590f38b2592fab525b2f1efd3ab7fe89009dfc6bf8cf35c713d487f2ae9038175545261e3071901ec82699e302b07159de0543727c8a430421 |
C:\Users\Admin\AppData\Local\Temp\dfiop.exe
| MD5 | 315eda4cc67b7bf0cb8c0dfa1229f695 |
| SHA1 | 268eb60b65fcfc3d27f81696fd75fd0f6ad61a1f |
| SHA256 | 49c05ff46b757ca5d32462a5812b523ceb3c3110f7be415b6194a9e996e4e1b3 |
| SHA512 | 0fc2cad4c4678a0e2f0549f690fb6980fd8e6441dae5b6a1ed81f27f3a6cd2f092b3f2b650da4a6a35da54a4ff933d3da27ba5e7640c6df9631530b17de0f2fc |
C:\Users\Admin\AppData\Local\vhukvmfomupxcrtfytfreufwpywezhmbdpidp.oep
| MD5 | b1003d4a1dd67a3664c0d197dfec91db |
| SHA1 | 78664d370202bc23f9a3ad9b97aeb0d918d3c5c6 |
| SHA256 | 03f1f9ff236c433874a4fb62754982ef27168ed93db81178f222c7b7332f8b7b |
| SHA512 | 0e45a190d93893f9551e78563d1dd8619072c97a2ded5644ea241e04dbb67d30ead2387578afc769c1b6d9b1e1025c27321e232676f7b67263fb79f1d923c192 |
C:\Users\Admin\AppData\Local\uvxcciqobyifzduvdnoprwwcki.scz
| MD5 | 7e3c95ff7b9b373611a9c770cd73104b |
| SHA1 | 25d6fa3ddf52ec877a0326beaeb23c4d26698109 |
| SHA256 | 48aabdda7bf55bb32c21855025c725101efcf34b7b1b2bb0e390c686c4828d38 |
| SHA512 | 694e76ebf72e0097ae08e32bf10876a4c9110e2665151352cef880374d062fabf100a48c62391385a4aa2e4baa1cd4e7af3617a882214d935fb60e3ae29f3e10 |
C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz
| MD5 | 8b5eb976ea650e77765eddde0625893c |
| SHA1 | 9cf6cee48b22679a390ebee196b57a0a57c39d36 |
| SHA256 | bcd1f9fdfb365f86e0ef7dae33747219903865441e6bee4442d84dfedb130770 |
| SHA512 | 621ecc2f2e36f688f7bbad0d4a7420ba7c2fc026647061e39fea1ed7a92fd6d227558706b55f34ed3c24cf75391e2d929e22f6e558ac33ec6bd8cf37771fe37a |
C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz
| MD5 | 75ad5867a995a77f89ca7b21da6cab34 |
| SHA1 | 33593754bf74fccad326d70edbf1ec4a8f2aaeb0 |
| SHA256 | 9c4b0d833451f431855a3282e273a7f4cfba77d02e10399edb8ce76c4fbdc02b |
| SHA512 | 085376350842d05c1e48d7fae223fa7b28cef4ad1d04a48648f3dd95d4f27d5758981b29185419f43f3e903ff8aa1292a0e934875bae96a18057cd387c3fc9a1 |
C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz
| MD5 | 7b8769f6309bae52e3516b9cdfa62cdd |
| SHA1 | cc1a120640f4d360156b83919e593e4a6435c218 |
| SHA256 | 545a5aed356083c7d57934b1a7aa152ffc9e26c32fc97f36684905a98d7f7a69 |
| SHA512 | 62fe62a0a29af33566ee1d989b5ee4c237f3ed83f66b0aa0e60128ff7c73df8d242d7054b2e93aeeb6cad94040a5883aa1b80466a41c9f9ab0beed64bbfd9edc |
C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz
| MD5 | b6c4afbbed88bf6673d74e159a4c1e15 |
| SHA1 | b86c117cc6540ebc33c79ea810024ea9bddb9186 |
| SHA256 | 936b126f487ec26a7944aed7fb6f117e565631a47e80af9f4a9b824c7815e381 |
| SHA512 | 95e3f1da51d7f07fe2d422c99fa60be6382a5f3a45123b675b60e0de767f0dc3246e410e930d9a4790c5693a62bd0c623570bd8cd6880cdf38b3986cb801436f |
C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz
| MD5 | 21b98af547a1ae70e56ff4e16e6921d2 |
| SHA1 | d305447748e62921cbb73089ba2b250a03b3d141 |
| SHA256 | 3a95ac2d0be65966588c0ff27a6628a6c7777d8b2233cf8a49adda66d2ef4977 |
| SHA512 | 5edcd47a8a7a65df04f4683a1448946a495f2b0fbb37b5a6c1b3a4f892db55093a35f84ea70bce95dfc73846c28104bf7e2c4982b87f0e4ca0d3dbc8d65f61cb |
C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz
| MD5 | a653210de949aafba5c091bccc054690 |
| SHA1 | c17db139ca9d4de68f41b7047c8cc826b399a28c |
| SHA256 | 75f89fd6a1e312b54e0bc6f151e145f061029a39e51c147abac9753570d06983 |
| SHA512 | b09d4125a8852b696585d8fb73e0d7f55e17fc65e058eb0235016cf581bb7e7a17ab8f91815f3a3bce3ad436ae2e10cea64e64382b3e724d1fe1d19fbc09ef9c |